Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
documentation.suse.com / A SUSE Linux Enterprise Server dokumentációja / Security and Hardening Guide / Regulations and Compliance
Applies to SUSE Linux Enterprise Server 15 SP3

Part IV Regulations and Compliance

  • 27 Common Criteria
  • Common Criteria is the best known and most widely used methodology to evaluate and measure the security value of an IT product. The methodology aims to be independent, as an independent laboratory conducts the evaluation, which a certification body will certify afterward. Security Functional Require…

  • 28 Enabling compliance with FIPS 140-2
  • If your organization does any work for the United States federal government, it is likely that your cryptography applications (such as openSSL, GnuTLS, and OpenJDK) will be required to be in compliance with Federal Information Processing Standards (FIPS) 140-2. FIPS 140-2 is a security accreditation program for validating cryptographic modules produced by private companies. If your organization is not required by compliance rules to run SUSE Linux Enterprise in FIPS mode, it is most likely best to not do it. This chapter provides guidance on enabling FIPS mode, and links to resources with detailed information.

  • 29 Payment Card Industry Data Security Standard (PCI DSS)
  • To protect customers and the business itself, companies that handle credit card payments must keep data as safe and secure as possible. Following the Payment Card Industry Data Security Standard helps to secure all areas that are connected to payment processes, and to implement security- relevant ac…

  • 30 Hardening SUSE Linux Enterprise with STIG
  • STIG stands for Security Technical Implementation Guide. The Defense Information Systems Agency (DISA) organization, which is a parent agency of the United States Department of Defense (DoD), approves and publishes Security Technical Implementation Guides (STIGs) and updates them every 90 days.